Vulnerability
Vulnerability scanning for Docker local images allows developers and development teams to review the security state of the container images and take actions to fix issues identified during the scan, resulting in more secure deployments.
CVE
Overview. CVE, short for Common Vulnerabilities and Exposures, is a list of publicly disclosed computer security flaws. When someone refers to a CVE, they mean a security flaw that's been assigned a CVE ID number. Security advisories issued by vendors and researchers almost always mention at least one CVE ID
Docker scan command
Docker Scan runs on Snyk engine, providing users with visibility into the security posture of their local Dockerfiles and local images.
Scan Docker images to check the Vulnerability using docker scan
Step 1: Install docker scan plugin
mkdir -p ~/.docker/cli-plugins
curl https://github.com/docker/scan-cli-plugin/releases/latest/download/docker-scan_linux_amd64 -L -s -S -o ~/.docker/cli-plugins/docker-scan
chmod +x ~/.docker/cli-plugins/docker-scan
Step 2: Download hello-world image and scan the vulnerabilities
docker pull hello-world
docker scan hello-world
It will give the docker image vulnerabilities scan report on the basis of that you can decide to use this docker image or not.
Step 3: Lets scan docker image ramansharma95/webapp
docker scan ramansharma95/webapp
It will return a report which shows the Low/Medium/High serverity issues.
0 comments:
Post a Comment